openscap 0.4.2 → 0.4.3
- checksums.yaml +4 -4
- data/lib/openscap/version.rb +2 -2
- data/lib/openscap/xccdf.rb +3 -0
- data/lib/openscap/xccdf/benchmark.rb +19 -0
- data/lib/openscap/xccdf/fix.rb +52 -0
- data/lib/openscap/xccdf/group.rb +21 -0
- data/lib/openscap/xccdf/item.rb +127 -0
- data/lib/openscap/xccdf/reference.rb +44 -0
- data/lib/openscap/xccdf/rule.rb +56 -0
- data/lib/openscap/xccdf/ruleresult.rb +2 -2
- data/lib/openscap/xccdf/value.rb +20 -0
- data/test/xccdf/benchmark_test.rb +77 -3
- metadata +39 -33
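--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e30737f4990bfe359c86b45841cf4a5e0281e035
+data.tar.gz: 22408716531e01a79382d669af9f9f03c80a755b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0a9140dfcc70691f3a30c0635f7bc75e79d11fa0b252e70d83d199473c8b8b467c6ec994b3735789ee6380e354e8e5d69f909b11b92cc8aceeface2705caea51
+data.tar.gz: 9ba5ca94e677dab959b5bb0913f44a36d622d0d4af63e8a880d4f6af4d9eb255a0b6683e5f9a6b0e96ab98d9f74eb6b9d5b0a50378055053db0f6eec6433e3a7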
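--- a/data/lib/openscap/version.rb
+++ b/data/lib/openscap/version.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014 Red Hat Inc.
+# Copyright (c) 2014--2015 Red Hat Inc.
 #
 # This software is licensed to you under the GNU General Public License,
 # version 2 (GPLv2). There is NO WARRANTY for this software, express or
@@ -10,5 +10,5 @@
 #
 
 module OpenSCAP
-VERSION = '0.4.
+VERSION = '0.4.3'
 end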
data/lib/openscap/xccdf.rb
CHANGED
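--- a/data/lib/openscap/xccdf/benchmark.rb
+++ b/data/lib/openscap/xccdf/benchmark.rb
@@ -11,6 +11,7 @@
 
 require 'openscap/source'
 require 'openscap/xccdf/profile'
+require 'openscap/xccdf/item'
 
 module OpenSCAP
 module Xccdf
@@ -32,6 +33,10 @@ module OpenSCAP
 @profiles ||= profiles_init
 end
 
+def items
+@items ||= items_init
+end
+
 def destroy
 OpenSCAP.xccdf_benchmark_free @raw
 @raw = nil
@@ -50,6 +55,20 @@ module OpenSCAP
 OpenSCAP.xccdf_profile_iterator_free profit
 profiles
 end
+
+def items_init
+items = {}
+items_it = OpenSCAP.xccdf_item_get_content raw
+while OpenSCAP.xccdf_item_iterator_has_more items_it
+item_p = OpenSCAP.xccdf_item_iterator_next items_it
+item = OpenSCAP::Xccdf::Item.build item_p
+items.merge! item.sub_items
+items[item.id] = item
+# TODO: iterate through childs
+end
+OpenSCAP.xccdf_item_iterator_free items_it
+items
+end
 end
 end
 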
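Review bot: `items_init` releases `items_it` only on the normal path, so the native iterator leaks whenever the loop raises; `Item.build` (item.rb in this release) raises `OpenSCAPError` for every type other than group and rule. Wrap the loop in `begin … ensure OpenSCAP.xccdf_item_iterator_free items_it end`; `Item#sub_items_init`, `Item#references` and `Rule#fixes` follow the same pattern and need the same change. The `@items` cache also outlives `destroy` as far as the visible lines show (the rest of `destroy` is outside the hunk), so wrappers fetched earlier would keep pointers into the freed benchmark; resetting `@items = nil` there and documenting that items are invalid after `destroy` would close that gap. The `# TODO: iterate through childs` comment looks stale, since `items.merge! item.sub_items` already descends into children.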
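--- a/data/lib/openscap/xccdf/fix.rb
+++ b/data/lib/openscap/xccdf/fix.rb
@@ -0,0 +1,52 @@
+#
+# Copyright (c) 2015 Red Hat Inc.
+#
+# This software is licensed to you under the GNU General Public License,
+# version 2 (GPLv2). There is NO WARRANTY for this software, express or
+# implied, including the implied warranties of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+# along with this software; if not, see
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+#
+
+module OpenSCAP
+module Xccdf
+class Fix
+def initialize(raw)
+fail OpenSCAP::OpenSCAPError, "Cannot initialize OpenSCAP::Xccdf::Reference with '#{raw}'" \
+unless raw.is_a?(FFI::Pointer)
+@raw = raw
+end
+
+def id
+OpenSCAP.xccdf_fix_get_id(@raw)
+end
+
+def platform
+OpenSCAP.xccdf_fix_get_platform(@raw)
+end
+
+# system is a reserved word in Rails, so didn't use it
+def fix_system
+OpenSCAP.xccdf_fix_get_system(@raw)
+end
+
+def content
+OpenSCAP.xccdf_fix_get_content(@raw)
+end
+
+def to_hash
+{
+:id => id,
+:platform => platform,
+:system => fix_system,
+:content => content
+}
+end
+end
+end
+attach_function :xccdf_fix_get_id, [:pointer], :string
+attach_function :xccdf_fix_get_platform, [:pointer], :string
+attach_function :xccdf_fix_get_system, [:pointer], :string
+attach_function :xccdf_fix_get_content, [:pointer], :string
+end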
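Review bot: The guard in `Fix#initialize` reports the wrong class: its message reads "Cannot initialize OpenSCAP::Xccdf::Reference …", which sends anyone debugging a bad pointer to reference.rb; it should read `"Cannot initialize OpenSCAP::Xccdf::Fix with '#{raw}'"`. `content` also deserves a comment, for example `# Raw remediation text taken from the XCCDF document; <sub> references are left unresolved and nothing is validated`, because the test fixture in this release shows it returning a shell script with an unexpanded `<sub …/>` element. Callers should treat that text as data from the content file, not as something vetted by this binding.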
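--- a/data/lib/openscap/xccdf/group.rb
+++ b/data/lib/openscap/xccdf/group.rb
@@ -0,0 +1,21 @@
+#
+# Copyright (c) 2015 Red Hat Inc.
+#
+# This software is licensed to you under the GNU General Public License,
+# version 2 (GPLv2). There is NO WARRANTY for this software, express or
+# implied, including the implied warranties of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+# along with this software; if not, see
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+#
+
+require 'openscap/exceptions'
+require 'openscap/xccdf'
+require 'openscap/xccdf/item'
+
+module OpenSCAP
+module Xccdf
+class Group < Item
+end
+end
+end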
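--- a/data/lib/openscap/xccdf/item.rb
+++ b/data/lib/openscap/xccdf/item.rb
@@ -0,0 +1,127 @@
+#
+# Copyright (c) 2015 Red Hat Inc.
+#
+# This software is licensed to you under the GNU General Public License,
+# version 2 (GPLv2). There is NO WARRANTY for this software, express or
+# implied, including the implied warranties of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+# along with this software; if not, see
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+#
+
+require 'openscap/exceptions'
+require 'openscap/text'
+require 'openscap/xccdf/group'
+require 'openscap/xccdf/rule'
+require 'openscap/xccdf/reference'
+
+module OpenSCAP
+module Xccdf
+class Item
+def self.build(t)
+fail OpenSCAP::OpenSCAPError, "Cannot initialize OpenSCAP::Xccdf::Item with #{t}" \
+unless t.is_a?(FFI::Pointer)
+# This is Abstract base class that enables you to build its child
+case OpenSCAP.xccdf_item_get_type t
+when :group
+OpenSCAP::Xccdf::Group.new t
+when :rule
+OpenSCAP::Xccdf::Rule.new t
+else
+fail OpenSCAP::OpenSCAPError, "Unknown Xccdf::Item type: #{OpenSCAP.xccdf_item_get_type t}"
+end
+end
+
+def initialize(t)
+if self.class == OpenSCAP::Xccdf::Item
+fail OpenSCAP::OpenSCAPError, 'Cannot initialize Xccdf::Item abstract base class.'
+end
+@raw = t
+end
+
+def id
+OpenSCAP.xccdf_item_get_id @raw
+end
+
+def title(prefered_lang = nil)
+textlist = OpenSCAP::TextList.new(OpenSCAP.xccdf_item_get_title(@raw))
+title = textlist.plaintext(prefered_lang)
+textlist.destroy
+title
+end
+
+def description(prefered_lang = nil)
+textlist = OpenSCAP::TextList.new(OpenSCAP.xccdf_item_get_description(@raw))
+description = textlist.plaintext(prefered_lang)
+textlist.destroy
+description
+end
+
+def rationale(prefered_lang = nil)
+textlist = OpenSCAP::TextList.new(OpenSCAP.xccdf_item_get_rationale(@raw))
+rationale = textlist.plaintext(prefered_lang)
+textlist.destroy
+rationale
+end
+
+def references
+refs = []
+refs_it = OpenSCAP.xccdf_item_get_references(@raw)
+while OpenSCAP.oscap_reference_iterator_has_more refs_it
+ref = OpenSCAP::Xccdf::Reference.new(OpenSCAP.oscap_reference_iterator_next refs_it)
+refs << ref
+end
+OpenSCAP.oscap_reference_iterator_free refs_it
+refs
+end
+
+def sub_items
+@sub_items ||= sub_items_init
+end
+
+def destroy
+OpenSCAP.xccdf_item_free @raw
+@raw = nil
+end
+
+private
+
+def sub_items_init
+collect = {}
+items_it = OpenSCAP.xccdf_item_get_content @raw
+while OpenSCAP.xccdf_item_iterator_has_more items_it
+item_p = OpenSCAP.xccdf_item_iterator_next items_it
+item = OpenSCAP::Xccdf::Item.build item_p
+collect.merge! item.sub_items
+collect[item.id] = item
+end
+OpenSCAP.xccdf_item_iterator_free items_it
+collect
+end
+end
+end
+
+attach_function :xccdf_item_get_id, [:pointer], :string
+attach_function :xccdf_item_get_content, [:pointer], :pointer
+attach_function :xccdf_item_free, [:pointer], :void
+attach_function :xccdf_item_get_title, [:pointer], :pointer
+attach_function :xccdf_item_get_description, [:pointer], :pointer
+attach_function :xccdf_item_get_rationale, [:pointer], :pointer
+
+XccdfItemType = enum(:benchmark, 0x0100,
+:profile, 0x0200,
+:result, 0x0400,
+:rule, 0x1000,
+:group, 0x2000,
+:value, 0x4000)
+attach_function :xccdf_item_get_type, [:pointer], XccdfItemType
+
+attach_function :xccdf_item_iterator_has_more, [:pointer], :bool
+attach_function :xccdf_item_iterator_next, [:pointer], :pointer
+attach_function :xccdf_item_iterator_free, [:pointer], :void
+
+attach_function :xccdf_item_get_references, [:pointer], :pointer
+attach_function :oscap_reference_iterator_has_more, [:pointer], :bool
+attach_function :oscap_reference_iterator_next, [:pointer], :pointer
+attach_function :oscap_reference_iterator_free, [:pointer], :void
+end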
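Review bot: `Item#destroy` calls `xccdf_item_free` on a pointer that, in every path visible in this release, was obtained by iterating a parent's content, so the wrapper probably does not own it. If the benchmark frees its children as well (ownership lives in the C library and is not visible here), destroying an item and then the benchmark releases the same memory twice; confirm the ownership rule and either remove `destroy` from these wrappers or document when it is safe to call. Separately, `build` and `initialize` accept a NULL `FFI::Pointer`, because `is_a?(FFI::Pointer)` is true for it; adding `fail OpenSCAP::OpenSCAPError, 'Cannot build Xccdf::Item from a NULL pointer' if t.null?` turns a native crash into a Ruby exception. `build` also calls `xccdf_item_get_type` twice; keeping the result in a local avoids the second native call.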
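--- a/data/lib/openscap/xccdf/reference.rb
+++ b/data/lib/openscap/xccdf/reference.rb
@@ -0,0 +1,44 @@
+#
+# Copyright (c) 2015 Red Hat Inc.
+#
+# This software is licensed to you under the GNU General Public License,
+# version 2 (GPLv2). There is NO WARRANTY for this software, express or
+# implied, including the implied warranties of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+# along with this software; if not, see
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+#
+
+module OpenSCAP
+module Xccdf
+class Reference
+def initialize(raw)
+fail OpenSCAP::OpenSCAPError, "Cannot initialize OpenSCAP::Xccdf::Reference with '#{raw}'" \
+unless raw.is_a?(FFI::Pointer)
+@raw = raw
+end
+
+def title
+OpenSCAP.oscap_reference_get_title(@raw)
+end
+
+def href
+OpenSCAP.oscap_reference_get_href(@raw)
+end
+
+def html_link
+"<a href='#{href}'>#{title}</a>"
+end
+
+def to_hash
+{
+:title => title,
+:href => href,
+:html_link => html_link
+}
+end
+end
+end
+attach_function :oscap_reference_get_href, [:pointer], :string
+attach_function :oscap_reference_get_title, [:pointer], :string
+end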
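Review bot: `html_link` interpolates `href` and `title` straight into markup, and both strings come from the XCCDF document, so a reference containing a quote or an angle bracket breaks out of the attribute or element when a consumer renders the link. Escape both values, e.g. `"<a href='#{CGI.escapeHTML(href.to_s)}'>#{CGI.escapeHTML(title.to_s)}</a>"` with `require 'cgi'` at the top of the file; the expected strings in `test_items_references` contain no characters that escaping would change. Escaping does not restrict the URL scheme, so either accept only `http`/`https` hrefs here or state in a comment that callers must check the scheme before rendering. `to_hash` exposes the same string under `:html_link`, so it inherits the fix.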
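--- a/data/lib/openscap/xccdf/rule.rb
+++ b/data/lib/openscap/xccdf/rule.rb
@@ -0,0 +1,56 @@
+#
+# Copyright (c) 2015 Red Hat Inc.
+#
+# This software is licensed to you under the GNU General Public License,
+# version 2 (GPLv2). There is NO WARRANTY for this software, express or
+# implied, including the implied warranties of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+# along with this software; if not, see
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+#
+
+require 'openscap/exceptions'
+require 'openscap/xccdf/item'
+require 'openscap/xccdf/fix'
+
+module OpenSCAP
+module Xccdf
+class Rule < Item
+def severity
+severity = OpenSCAP.xccdf_rule_get_severity(@raw)
+severity_mapping = {
+:xccdf_level_not_defined => 'Not defined',
+:xccdf_unknown => 'Unknown',
+:xccdf_info => 'Info',
+:xccdf_low => 'Low',
+:xccdf_medium => 'Medium',
+:xccdf_high => 'High'
+}
+severity_mapping[severity] ? severity_mapping[severity] : severity_mapping[:xccdf_unknown]
+end
+
+def fixes
+fixes = []
+items_it = OpenSCAP.xccdf_rule_get_fixes(@raw)
+while OpenSCAP.xccdf_fix_iterator_has_more items_it
+fixes << OpenSCAP::Xccdf::Fix.new(OpenSCAP.xccdf_fix_iterator_next(items_it))
+end
+OpenSCAP.xccdf_fix_iterator_free items_it
+fixes
+end
+end
+end
+XccdfSeverity = enum(
+:xccdf_level_not_defined, 0,
+:xccdf_unknown, 1,
+:xccdf_info,
+:xccdf_low,
+:xccdf_medium,
+:xccdf_high
+)
+attach_function :xccdf_rule_get_severity, [:pointer], XccdfSeverity
+attach_function :xccdf_rule_get_fixes, [:pointer], :pointer
+attach_function :xccdf_fix_iterator_has_more, [:pointer], :bool
+attach_function :xccdf_fix_iterator_next, [:pointer], :pointer
+attach_function :xccdf_fix_iterator_free, [:pointer], :void
+end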
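Review bot: `severity` rebuilds its lookup hash on every call and reads it twice in the ternary; a frozen constant plus `SEVERITY_LABELS.fetch(severity, 'Unknown')` (constant name is a suggestion) says the same thing with one lookup. The `XccdfSeverity` enum numbers only its first two members and lets FFI count upward for `:xccdf_info` through `:xccdf_high`, so the labels are right only if the C enum is contiguous from 1; that cannot be verified from this diff, and a comment naming the header the values were copied from would make it checkable. Shadowing the method names with the locals `severity` and `fixes` also makes both bodies harder to read.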
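--- a/data/lib/openscap/xccdf/ruleresult.rb
+++ b/data/lib/openscap/xccdf/ruleresult.rb
@@ -20,7 +20,7 @@ module OpenSCAP
 when FFI::Pointer
 @rr = t
 else
-fail OpenSCAP::OpenSCAPError, "Cannot initialize
+fail OpenSCAP::OpenSCAPError, "Cannot initialize OpenSCAP::Xccdf::RuleResult with #{t}"
 end
 end
 
@@ -30,7 +30,7 @@ module OpenSCAP
 
 def result
 OpenSCAP.xccdf_test_result_type_get_text \
-
+OpenSCAP.xccdf_rule_result_get_result(@rr)
 end
 
 def override!(param)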
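--- a/data/lib/openscap/xccdf/value.rb
+++ b/data/lib/openscap/xccdf/value.rb
@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2015 Red Hat Inc.
+#
+# This software is licensed to you under the GNU General Public License,
+# version 2 (GPLv2). There is NO WARRANTY for this software, express or
+# implied, including the implied warranties of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+# along with this software; if not, see
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+#
+
+require 'openscap/exceptions'
+require 'openscap/xccdf/item'
+
+module OpenSCAP
+module Xccdf
+class Value < Item
+end
+end
+end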
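--- a/data/test/xccdf/benchmark_test.rb
+++ b/data/test/xccdf/benchmark_test.rb
@@ -17,9 +17,7 @@ require 'openscap/xccdf/benchmark'
 
 class TestBenchmark < OpenSCAP::TestCase
 def test_new_from_file
-
-b = OpenSCAP::Xccdf::Benchmark.new @s
-assert !b.nil?
+b = benchmark_from_file
 b.destroy
 end
 
@@ -45,4 +43,80 @@ class TestBenchmark < OpenSCAP::TestCase
 end
 assert msg.start_with?('Failed to import XCCDF content from'), msg
 end
+
+def test_items_in_benchmark
+b = benchmark_from_file
+assert b.items.size == 138
+rules_count = b.items.count { |_, i| i.is_a?(OpenSCAP::Xccdf::Rule) }
+groups_count = b.items.count { |_, i| i.is_a?(OpenSCAP::Xccdf::Group) }
+assert rules_count == 76, "Got #{rules_count} rules"
+assert groups_count == 62, "Got #{groups_count} groups"
+b.destroy
+end
+
+def test_items_title
+b = benchmark_from_file
+prelink_rule = b.items['xccdf_org.ssgproject.content_rule_disable_prelink']
+assert prelink_rule.title == 'Prelinking Disabled', prelink_rule.title
+b.destroy
+end
+
+def test_items_description
+b = benchmark_from_file
+install_hids_rule = b.items['xccdf_org.ssgproject.content_rule_install_hids']
+expected_result = "\nThe Red Hat platform includes a sophisticated auditing system\nand SELinux, which provide host-based intrusion detection capabilities.\n"
+assert install_hids_rule.description == expected_result, install_hids_rule.description
+b.destroy
+end
+
+def test_items_rationale
+b = benchmark_from_file
+aide_rule = b.items['xccdf_org.ssgproject.content_rule_package_aide_installed']
+expected_rationale = "\nThe AIDE package must be installed if it is to be available for integrity checking.\n"
+assert aide_rule.rationale == expected_rationale, aide_rule.rationale
+b.destroy
+end
+
+def test_items_severity
+b = benchmark_from_file
+prelink_rule = b.items['xccdf_org.ssgproject.content_rule_disable_prelink']
+assert prelink_rule.severity == 'Low', prelink_rule.severity
+b.destroy
+end
+
+def test_items_references
+b = benchmark_from_file
+install_hids_rule = b.items['xccdf_org.ssgproject.content_rule_install_hids']
+expected_references = [{ :title => 'SC-7',
+:href => 'http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf',
+:html_link => "<a href='http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf'>SC-7</a>" },
+{ :title => '1263',
+:href => 'http://iase.disa.mil/cci/index.html',
+:html_link => "<a href='http://iase.disa.mil/cci/index.html'>1263</a>" }]
+assert_equal(expected_references, install_hids_rule.references.map(&:to_hash), 'Install hids references should be equal')
+end
+
+def test_items_fixes
+b = benchmark_from_file
+login_defs_rule = b.items['xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs']
+expected_content = ["var_accounts_minimum_age_login_defs=\"<sub xmlns=\"http://checklists.nist.gov/xccdf/1.2\" idref=\"xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs\" use=\"legacy\"/>\"\ngrep -q ^PASS_MIN_DAYS /etc/login.defs && \\\nsed -i \"s/PASS_MIN_DAYS.*/PASS_MIN_DAYS\\t$var_accounts_minimum_age_login_defs/g\" /etc/login.defs\nif ! [ $? -eq 0 ]\nthen\n echo -e \"PASS_MIN_DAYS\\t$var_accounts_minimum_age_login_defs\" >> /etc/login.defs\nfi\n"]
+expected_hashes = [{
+:id => nil,
+:platform => nil,
+:content => expected_content.first,
+:system => 'urn:xccdf:fix:script:sh'
+}]
+assert_equal(expected_content, login_defs_rule.fixes.map(&:content), 'Fix content should match')
+assert_equal(expected_hashes, login_defs_rule.fixes.map(&:to_hash), 'Fix hash should match')
+end
+
+private
+
+def benchmark_from_file
+source = OpenSCAP::Source.new '../data/xccdf.xml'
+b = OpenSCAP::Xccdf::Benchmark.new source
+source.destroy
+assert !b.nil?
+b
+end
 end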
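Review bot: `test_items_references` and `test_items_fixes` never call `b.destroy`, unlike the five tests before them, so each leaves a native benchmark allocated; add `b.destroy` after the final assertion in both. The count checks use `assert b.items.size == 138`, which reports only a bare failure on a mismatch; `assert_equal 138, b.items.size` prints both values. `benchmark_from_file` opens `'../data/xccdf.xml'` relative to the working directory, which presumably relies on setup in `OpenSCAP::TestCase` that this diff does not show.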
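--- a/metadata
+++ b/metadata
@@ -1,41 +1,41 @@
 --- !ruby/object:Gem::Specification
 name: openscap
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.3
 platform: ruby
 authors:
 - Simon Lukasik
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-09-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: 1.0.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: 1.0.0
 - !ruby/object:Gem::Dependency
 name: ffi
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: 1.0.9
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: 1.0.9
 description: |-
@@ -46,40 +46,46 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- COPYING
+- README.md
+- Rakefile
 - lib/openscap.rb
-- lib/openscap/xccdf.rb
 - lib/openscap/ds/arf.rb
 - lib/openscap/ds/sds.rb
+- lib/openscap/exceptions.rb
 - lib/openscap/libc.rb
-- lib/openscap/xccdf/testresult.rb
-- lib/openscap/xccdf/benchmark.rb
-- lib/openscap/xccdf/session.rb
-- lib/openscap/xccdf/ruleresult.rb
-- lib/openscap/xccdf/profile.rb
-- lib/openscap/source.rb
 - lib/openscap/openscap.rb
-- lib/openscap/
+- lib/openscap/source.rb
 - lib/openscap/text.rb
-- lib/openscap/
--
--
--
--
--
--
+- lib/openscap/version.rb
+- lib/openscap/xccdf.rb
+- lib/openscap/xccdf/benchmark.rb
+- lib/openscap/xccdf/fix.rb
+- lib/openscap/xccdf/group.rb
+- lib/openscap/xccdf/item.rb
+- lib/openscap/xccdf/profile.rb
+- lib/openscap/xccdf/reference.rb
+- lib/openscap/xccdf/rule.rb
+- lib/openscap/xccdf/ruleresult.rb
+- lib/openscap/xccdf/session.rb
+- lib/openscap/xccdf/testresult.rb
+- lib/openscap/xccdf/value.rb
+- test/common/testcase.rb
 - test/data/invalid.xml
+- test/data/sds-complex.xml
 - test/data/testresult.xml
-- test/xccdf
-- test/
+- test/data/xccdf.xml
+- test/ds/arf_test.rb
+- test/ds/sds_test.rb
+- test/integration/arf_waiver_test.rb
+- test/openscap_test.rb
+- test/source_test.rb
+- test/text_test.rb
+- test/xccdf/benchmark_test.rb
 - test/xccdf/profile_test.rb
+- test/xccdf/session_ds_test.rb
+- test/xccdf/session_test.rb
 - test/xccdf/testresult_test.rb
-- test/xccdf/benchmark_test.rb
-- test/common/testcase.rb
-- test/source_test.rb
-- test/integration/arf_waiver_test.rb
-- COPYING
-- README.md
-- Rakefile
 homepage: https://github.com/OpenSCAP/ruby-openscap
 licenses:
 - GPL-2.0
@@ -90,17 +96,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: A FFI wrapper around the OpenSCAP library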